[PATCH] make set_loginuid obey audit_enabled

Hi,

I was doing some testing and noticed that when the audit system was disabled,
I was still getting messages about the loginuid being set. The following patch
makes audit_set_loginuid look at in_syscall to determine if it should create
an audit event. The loginuid will continue to be set as long as there is a context.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 851ae0217e4b475f338ad10ab4cb00cc400db737..b097ccb4eb7ea8e10145a29b6f2e1fc14120e0d5 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1290,18 +1290,23 @@ void auditsc_get_stamp(struct audit_context *ctx,
  */
 int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
 {
-       if (task->audit_context) {
-               struct audit_buffer *ab;
-
-               ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
-               if (ab) {
-                       audit_log_format(ab, "login pid=%d uid=%u "
-                               "old auid=%u new auid=%u",
-                               task->pid, task->uid, 
-                               task->audit_context->loginuid, loginuid);
-                       audit_log_end(ab);
+       struct audit_context *context = task->audit_context;
+
+       if (context) {
+               /* Only log if audit is enabled */
+               if (context->in_syscall) {
+                       struct audit_buffer *ab;
+
+                       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
+                       if (ab) {
+                               audit_log_format(ab, "login pid=%d uid=%u "
+                                       "old auid=%u new auid=%u",
+                                       task->pid, task->uid,
+                                       context->loginuid, loginuid);
+                               audit_log_end(ab);
+                       }
                }
-               task->audit_context->loginuid = loginuid;
+               context->loginuid = loginuid;
        }
        return 0;
 }